Policies

This section discusses the following topics:

Assigning or Synchronizing a Common Configuration to the NG Firewall Appliances

The ETM Dashboard Configuration Templates enable you to replicate a configuration across multiple NG Firewall appliances. This is useful, for example, if you want to have a standby failover system or manage multiple deployments that use an identical configuration. Configuration replication works in combination with Configuration Backup.


NG Firewall configuration replication can include a complete configuration or specific sections. You can manage both options in the Appliances > NGFW > Policies area of the ETM Dashboard.

  • To push the complete configuration, select Templates. Note that the network configuration is excluded from the template.
  • To push specific types of configuration, such as Firewall rules or Captive Portal settings, use the application grouping options at the top of the Policies menu.

Prerequisites

Note: If you select Policy Manager to create custom policies, you must create the same policy names on each appliance. Otherwise, only the default policy synchronizes to each appliance.

Creating Templates

To create a template:
  1. Navigate to the Appliances > NGFW > Policies tab in the ETM Dashboard.
  2. In the menu bar at the top of the table, click Template Configuration.
  3. Click Add Template to open the template configuration wizard.
  4. Choose an appliance you want to use as the configuration master and click Next.
  5. Choose a recent backup and click Next.
  6. Choose appliances to sync from the master.
  7. If you want the appliances to synchronize when you make changes to the master, enable Keep in Sync and set a schedule.
  8. Click Next.
  9. In the final step, click Create Template to apply the configuration template.

Managing Templates

Sorting and Filters

The Template Configuration grid displays your templates and relevant details in sortable and filterable columns. You can manage these options and show or hide columns by clicking the three horizontal lines to the right of any column header to access the menu.

Sync options

Sync Now - You can manually initiate a configuration sync by selecting one or more templates and clicking Sync Now. You can also configure appliances to synchronize automatically.

Keep in Sync - You can set a sync schedule as Immediate, Daily, or Weekly. You can configure the Keep in Sync option when creating a new configuration template or by selecting the template and clicking Manage Template afterward.

Notes regarding synchronization:
  • If a template is configured for immediate synchronization and the target appliance is offline, the target appliance retries every 12 hours for up to 7 days.
  • You can check the status of the synchronized appliances in the Event Log. Audit History.

Target Appliances

Target Appliances inherit the configuration of the Master Appliance based on the sync options. You configure target appliances when creating a new configuration template or afterward by selecting the template and clicking Manage Template.

Note: Each NG Firewall appliance must be on the same version. The configuration does not sync unless the version of the appliance matches the version of the master appliance.

Deleting Templates

To delete one or more templates, select them and click Delete Templates.